I would swear this worked at one point. I have a corporate office, and I have IPSec tunnels out to my outside offices. The corporate office has an ASA5510, and most of the remote offices are running off of Pix506s; one office has an ASA5505.
When anyone connects through WebVPN, using AnyConnect or not, they can contact any of the CIFS shares for servers inside the corporate office. They cannot, however, contact CIFS shares on servers that are in the remote offices.
Reloading the ASA doesn't fix the issue. I also am able to access other servers (ones in the same subnet as my ASA), but not machines that are on my network but located at the other end of an IPSec tunnel.
I have had success in configuring something similar before, admittedly only WEBVPN. The issue I had was that the source IP for your traffic attempting to traverse the IPSEC tunnel to access the CIFS share is that of the public interface of the ASA. If you include that IP address as part of your encryption it should work, i.e. add another access-list line to encrypt traffic with a source of your public IP to the private LAN at the other end of the tunnel, and the reverse on the remote ASA.
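
The crypto ACL change described in the reply above, written out as an added example (not configuration from the original posts). The ACL names `HQ-TO-REMOTE` and `REMOTE-TO-HQ` and all addresses are constructed placeholders; the "existing" lines are an assumption about what a LAN-to-LAN tunnel of this kind already has.

```cisco
! Constructed example: names and addresses are placeholders, not from the thread.
!   203.0.113.10      = public (outside) interface IP of the corporate ASA5510
!   10.1.0.0/16       = corporate LAN
!   192.168.20.0/24   = LAN behind one remote office
!
! --- Corporate ASA5510: crypto ACL matched by the tunnel to that remote office ---
! assumed existing line: corporate LAN -> remote LAN
access-list HQ-TO-REMOTE extended permit ip 10.1.0.0 255.255.0.0 192.168.20.0 255.255.255.0
! added line: WebVPN traffic is sourced from the ASA's own public IP
access-list HQ-TO-REMOTE extended permit ip host 203.0.113.10 192.168.20.0 255.255.255.0
!
! --- Remote office (PIX 506 syntax; on the ASA5505 add "extended" after the name) ---
! assumed existing line: remote LAN -> corporate LAN
access-list REMOTE-TO-HQ permit ip 192.168.20.0 255.255.255.0 10.1.0.0 255.255.0.0
! added line: the mirror image of the new corporate entry
access-list REMOTE-TO-HQ permit ip 192.168.20.0 255.255.255.0 host 203.0.113.10
```

If the remote unit exempts tunnel traffic from NAT with a separate ACL (an assumption about its configuration), that ACL needs the same mirrored entry, otherwise replies to the public IP are translated and no longer match the crypto ACL. `show crypto ipsec sa` on either end should then list a security association for the host-to-LAN pair once a WebVPN user browses a remote share.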